Archive for September 29th, 2010

Every time a URL is requested that does not exist on a web server, an error page is displayed. By default, the page ends with the signature of the server. The signature includes information about the web server version, the operating system, and installed modules such as PHP, Python, SSL and many more.

As everyone knows, there is no software out there without security problems. The disclosed versions of the server and its installed modules can be used to attack the server. Therefore, it is a good idea to reduce or deactivate the signature.

The Apache configuration file apache2.conf contains two settings that control this. The default settings are shown here.

ServerSignature On
ServerTokens Full
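
To check what a given configuration discloses, the following added example (not code from the original post) reads the text of an apache2.conf and reports the effective ServerSignature and ServerTokens values. The function names and sample configurations are made up for illustration; as a simplification it assumes the last occurrence of a directive wins, falls back to httpd's built-in defaults when a directive is absent, and ignores Include files and per-virtual-host overrides.

```python
import re

# Compiled-in Apache defaults, used when a directive is absent from the file.
DEFAULTS = {"serversignature": "Off", "servertokens": "Full"}

# What each ServerTokens level puts in the server banner.
TOKEN_DETAIL = {
    "prod": "product name only", "productonly": "product name only",
    "major": "major version", "minor": "major.minor version",
    "min": "full version number", "minimal": "full version number",
    "os": "full version number and OS type",
    "full": "full version number, OS type and module versions",
}

# Directive names are case-insensitive; a line starting with '#' cannot match.
DIRECTIVE = re.compile(r"^\s*(ServerSignature|ServerTokens)\s+(\S+)", re.I)

def effective_settings(conf_text):
    """Return the last value given for each directive, else Apache's default."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        match = DIRECTIVE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings

def audit(conf_text):
    """Return one finding per setting that is invalid or discloses details."""
    cfg = effective_settings(conf_text)
    sig, tokens = cfg["serversignature"], cfg["servertokens"]
    findings = []
    if sig.lower() not in ("on", "off", "email"):
        findings.append(f"ServerSignature {sig}: not a valid value (On, Off, EMail)")
    elif sig.lower() != "off":
        findings.append(f"ServerSignature {sig}: error pages end with the server banner")
    detail = TOKEN_DETAIL.get(tokens.lower())
    if detail is None:
        findings.append(f"ServerTokens {tokens}: not a valid value")
    elif detail != "product name only":
        findings.append(f"ServerTokens {tokens}: banner discloses {detail}")
    return findings

# Constructed sample configurations (not taken from a real server).
VERBOSE = "# global settings\nServerSignature On\nServerTokens Full\n"
REDUCED = "ServerSignature Off\nservertokens Prod\n"

if __name__ == "__main__":
    for name, conf in (("VERBOSE", VERBOSE), ("REDUCED", REDUCED)):
        print(name, audit(conf) or "no disclosure findings")
```

ServerTokens also controls the Server response header, so the audit reports it even when ServerSignature is Off.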

The following screenshot shows what would be displayed with these settings: